Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I correctly setup custom headers with nginx ingress?

Tags:

kubernetes

nginx-ingress

I have the following configuration:

daemonset:

apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
spec:
  selector:
    matchLabels:
      app: nginx-ingress
  template:
    metadata:
      labels:
        app: nginx-ingress
    spec:
      serviceAccountName: nginx-ingress
      containers:
      - image: nginx/nginx-ingress:1.4.2-alpine
        imagePullPolicy: Always
        name: nginx-ingress
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: https
          containerPort: 443
          hostPort: 443
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        args:
          - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
          - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret

main config:

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
  namespace: nginx-ingress
data:
  proxy-set-headers: "nginx-ingress/custom-headers"
  proxy-connect-timeout: "11s"
  proxy-read-timeout: "12s"
  client-max-body-size: "5m"
  gzip-level: "7"
  use-gzip: "true"
  use-geoip2: "true"

custom headers:

apiVersion: v1
kind: ConfigMap
metadata:
  name: custom-headers
  namespace: nginx-ingress
data:
  X-Forwarded-Host-Test: "US"
  X-Using-Nginx-Controller: "true"
  X-Country-Name: "UK"

I am encountering the following situations:

  • If I change one of "proxy-connect-timeout", "proxy-read-timeout" or "client-max-body-size", I can see the changes appearing in the generated configs in the controller pods
  • If I change one of "gzip-level" (even tried "use-gzip") or "use-geoip2", I see no changes in the generated configs (eg: "gzip on;" is always commented out and there's no other mention of zip, the gzip level doesn't appear anywhere)
  • The custom headers from "ingress-nginx/custom-headers" are not added at all (was planning to use them to pass values from geoip2)

Otherwise, all is well, the controller logs show that my only backend (an expressJs app that dumps headers) is server correctly, I get expected responses and so on.

I've copied as much as I could from the examples on github, making a minimum of changes but no results (including when looking at the examples for custom headers).

Any ideas or pointers would be greatly appreciated.

Thanks!

like image 590
Andrei Dascalu Avatar asked Jan 07 '19 23:01

Andrei Dascalu

People also ask

What is nginx ingress default backend?

The default backend is a service which handles all URL paths and hosts the Ingress-NGINX controller doesn't understand (i.e., all the requests that are not mapped with an Ingress). Basically a default backend exposes two URLs: /healthz that returns 200. / that returns 404.

What is nginx ingress Kubernetes IO configuration snippet?

The configuration-snippet is to add configs to locations. If you want to add a custom location to the server context, you should use the server-snippet instead: Using the annotation nginx.ingress.kubernetes.io/server-snippet it is possible to add custom configuration in the server configuration block.

How do I activate Cors in ingress?

Voyager can enable and configure CORS for all HTTP frontends via following ingress annotations: ingress.appscode.com/enable-cors : If set to true enables CORS for all HTTP Frontend. By default CORS is disabled. ingress.appscode.com/cors-allow-headers : Specifies allowed headers when CORS enabled.

1 Answers

Use ingress rule annotations.

Example:
 apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "server: hide";
      more_set_headers "X-Content-Type-Options: nosniff";
      more_set_headers "X-Frame-Options: DENY";
      more_set_headers "X-Xss-Protection: 1";
  name: myingress
  namespace: default
spec:
  tls:
  - hosts:

I used nginx server 1.15.9

like image 193
Petr Šejn Avatar answered Nov 01 '22 19:11

Petr Šejn
Sign in to Comment

Related questions

Dockerfile is not a valid repository/tag: invalid reference format
Disable Transparent Huge Pages from Kubernetes
Openshift vs Rancher, what are the differences? [closed]
Best practices of Export/Import Keycloak data in Kubernetes
Kubernetes deploy failed with "Failed create pod sandbox" in GKE
How to customize error pages served via the default backend of an nginx ingress controller?
How to get list of pods which are "ready"?
GitLab-CI Kubernetes Variables aren't set?
SELinux is not supported with the overlay graph driver
Ansible playbook wait until all pods running
How can I view the config details of the current context in kubectl?
Exclude Resource in kustomization.yaml
On kubernetes helm how to replace a pod with new config values
Create Daemonset using kubectl?
How to hide a column with Kubectl
MountVolume.SetUp failed for volume "mongo" : hostPath type check failed: /mongo/data is not a directory
How can I install minikube on Mac OS Catalina
WIll "helm upgrade" restart PODS even if they are not affected by upgrade?
Kubernetes set-up on ubuntu on Google compute
minikube does not start on ubuntu 20.04 LTS. Exiting due to GUEST_PROVISION

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!